Skip to content
Permalink
Browse files
AudioWorklet script doesn't inherit its owner document's referrer policy 
https://bugs.webkit.org/show_bug.cgi?id=244938

Reviewed by Geoffrey Garen and Darin Adler.

* LayoutTests/imported/w3c/web-platform-tests/worklets/audio-worklet-referrer.https-expected.txt:
* Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp:
(WebCore::generateWorkletParameters):
* Source/WebCore/workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::WorkerGlobalScope):
(WebCore::WorkerGlobalScope::beginLoadingFontSoon):
(WebCore::WorkerGlobalScope::referrerPolicy const): Deleted.
* Source/WebCore/workers/WorkerGlobalScope.h:
* Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp:
(WebCore::WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope):
* Source/WebCore/workers/WorkerOrWorkletGlobalScope.h:
(WebCore::WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope):
* Source/WebCore/worklets/WorkletGlobalScope.cpp:
(WebCore::WorkletGlobalScope::WorkletGlobalScope):
(WebCore::WorkletGlobalScope::referrerPolicy const): Deleted.
* Source/WebCore/worklets/WorkletGlobalScope.h:
* Source/WebCore/worklets/WorkletParameters.h:
(WebCore::WorkletParameters::isolatedCopy const):
(WebCore::WorkletParameters::isolatedCopy):

Canonical link: https://commits.webkit.org/254306@main
  • Loading branch information
@cdumez
cdumez committed Sep 9, 2022
1 parent 79531d0 commit 499fe5155e3e556619dd33e61d09868d35da531f
Show file tree
Hide file tree
Showing 10 changed files with 18 additions and 31 deletions.
7 ...tTests/imported/w3c/web-platform-tests/worklets/audio-worklet-referrer.https-expected.txt
View file
@@ -1,4 +1,3 @@
CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin. Status code: 500
Blocked access to external URL https://www1.localhost:9443/worklets/resources/referrer-checker.py?referrer_policy=no-referrer&expected_referrer=
Blocked access to external URL https://www1.localhost:9443/worklets/resources/referrer-checker.py?referrer_policy=origin&expected_referrer=https://localhost:9443/
CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin. Status code: 500
@@ -7,9 +6,9 @@ CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control-

PASS Importing a same-origin script from a page that has "no-referrer" referrer policy should not send referrer.
PASS Importing a remote-origin script from a page that has "no-referrer" referrer policy should not send referrer.
FAIL Importing a same-origin script from a page that has "origin" referrer policy should send only an origin as referrer. assert_equals: expected "RESOLVED" but got "Importing a module script failed."
FAIL Importing a remote-origin script from a page that has "origin" referrer policy should send only an origin as referrer. assert_equals: expected "RESOLVED" but got "Cross-origin script load denied by Cross-Origin Resource Sharing policy."
FAIL Importing a same-origin script from a page that has "same-origin" referrer policy should send referrer. assert_equals: expected "RESOLVED" but got "Importing a module script failed."
PASS Importing a same-origin script from a page that has "origin" referrer policy should send only an origin as referrer.
PASS Importing a remote-origin script from a page that has "origin" referrer policy should send only an origin as referrer.
PASS Importing a same-origin script from a page that has "same-origin" referrer policy should send referrer.
PASS Importing a remote-origin script from a page that has "same-origin" referrer policy should not send referrer.
PASS Importing a same-origin script from a same-origin worklet script that has "no-referrer" referrer policy should not send referrer.
FAIL Importing a remote-origin script from a same-origin worklet script that has "no-referrer" referrer policy should not send referrer. assert_equals: expected "RESOLVED" but got "Cross-origin script load denied by Cross-Origin Resource Sharing policy."
7 ...m/glib/imported/w3c/web-platform-tests/worklets/audio-worklet-referrer.https-expected.txt
View file
@@ -1,12 +1,11 @@
CONSOLE MESSAGE: Origin https://web-platform.test:9443 is not allowed by Access-Control-Allow-Origin. Status code: 500
CONSOLE MESSAGE: Origin https://web-platform.test:9443 is not allowed by Access-Control-Allow-Origin. Status code: 500
CONSOLE MESSAGE: Origin https://web-platform.test:9443 is not allowed by Access-Control-Allow-Origin. Status code: 500

PASS Importing a same-origin script from a page that has "no-referrer" referrer policy should not send referrer.
PASS Importing a remote-origin script from a page that has "no-referrer" referrer policy should not send referrer.
FAIL Importing a same-origin script from a page that has "origin" referrer policy should send only an origin as referrer. assert_equals: expected "RESOLVED" but got "Importing a module script failed."
FAIL Importing a remote-origin script from a page that has "origin" referrer policy should send only an origin as referrer. assert_equals: expected "RESOLVED" but got "Cross-origin script load denied by Cross-Origin Resource Sharing policy."
FAIL Importing a same-origin script from a page that has "same-origin" referrer policy should send referrer. assert_equals: expected "RESOLVED" but got "Importing a module script failed."
PASS Importing a same-origin script from a page that has "origin" referrer policy should send only an origin as referrer.
PASS Importing a remote-origin script from a page that has "origin" referrer policy should send only an origin as referrer.
PASS Importing a same-origin script from a page that has "same-origin" referrer policy should send referrer.
PASS Importing a remote-origin script from a page that has "same-origin" referrer policy should not send referrer.
PASS Importing a same-origin script from a same-origin worklet script that has "no-referrer" referrer policy should not send referrer.
PASS Importing a remote-origin script from a same-origin worklet script that has "no-referrer" referrer policy should not send referrer.
1 Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp
View file
@@ -58,6 +58,7 @@ static WorkletParameters generateWorkletParameters(AudioWorklet& worklet)
worklet.identifier(),
*document->sessionID(),
document->settingsValues(),
document->referrerPolicy(),
worklet.audioContext() ? !worklet.audioContext()->isOfflineContext() : false
};
}
8 Source/WebCore/workers/WorkerGlobalScope.cpp
View file
@@ -96,7 +96,7 @@ static WorkQueue& sharedFileSystemStorageQueue()
WTF_MAKE_ISO_ALLOCATED_IMPL(WorkerGlobalScope);

WorkerGlobalScope::WorkerGlobalScope(WorkerThreadType type, const WorkerParameters& params, Ref<SecurityOrigin>&& origin, WorkerThread& thread, Ref<SecurityOrigin>&& topOrigin, IDBClient::IDBConnectionProxy* connectionProxy, SocketProvider* socketProvider)
: WorkerOrWorkletGlobalScope(type, params.sessionID, isMainThread() ? Ref { commonVM() } : JSC::VM::create(), &thread, params.clientIdentifier)
: WorkerOrWorkletGlobalScope(type, params.sessionID, isMainThread() ? Ref { commonVM() } : JSC::VM::create(), params.referrerPolicy, &thread, params.clientIdentifier)
, m_url(params.scriptURL)
, m_ownerURL(params.ownerURL)
, m_inspectorIdentifier(params.inspectorIdentifier)
@@ -108,7 +108,6 @@ WorkerGlobalScope::WorkerGlobalScope(WorkerThreadType type, const WorkerParamete
, m_socketProvider(socketProvider)
, m_performance(Performance::create(this, params.timeOrigin))
, m_reportingScope(ReportingScope::create(*this))
, m_referrerPolicy(params.referrerPolicy)
, m_settingsValues(params.settingsValues)
, m_workerType(params.workerType)
, m_credentials(params.credentials)
@@ -571,11 +570,6 @@ void WorkerGlobalScope::beginLoadingFontSoon(FontLoadRequest& request)
downcast<WorkerFontLoadRequest>(request).load(*this);
}

ReferrerPolicy WorkerGlobalScope::referrerPolicy() const
{
return m_referrerPolicy;
}

WorkerThread& WorkerGlobalScope::thread() const
{
return *static_cast<WorkerThread*>(workerOrWorkletThread());
3 Source/WebCore/workers/WorkerGlobalScope.h
View file
@@ -154,8 +154,6 @@ class WorkerGlobalScope : public Supplementable<WorkerGlobalScope>, public Base6
std::unique_ptr<FontLoadRequest> fontLoadRequest(String& url, bool isSVG, bool isInitiatingElementInUserAgentShadowTree, LoadedFromOpaqueSource) final;
void beginLoadingFontSoon(FontLoadRequest&) final;

ReferrerPolicy referrerPolicy() const final;

const Settings::Values& settingsValues() const final { return m_settingsValues; }

FetchOptions::Credentials credentials() const { return m_credentials; }
@@ -241,7 +239,6 @@ class WorkerGlobalScope : public Supplementable<WorkerGlobalScope>, public Base6
#endif
std::unique_ptr<CSSValuePool> m_cssValuePool;
RefPtr<CSSFontSelector> m_cssFontSelector;
ReferrerPolicy m_referrerPolicy;
Settings::Values m_settingsValues;
WorkerType m_workerType;
FetchOptions::Credentials m_credentials;
3 Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp
View file
@@ -40,13 +40,14 @@ namespace WebCore {

WTF_MAKE_ISO_ALLOCATED_IMPL(WorkerOrWorkletGlobalScope);

WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope(WorkerThreadType type, PAL::SessionID sessionID, Ref<JSC::VM>&& vm, WorkerOrWorkletThread* thread, ScriptExecutionContextIdentifier contextIdentifier)
WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope(WorkerThreadType type, PAL::SessionID sessionID, Ref<JSC::VM>&& vm, ReferrerPolicy referrerPolicy, WorkerOrWorkletThread* thread, ScriptExecutionContextIdentifier contextIdentifier)
: ScriptExecutionContext(contextIdentifier)
, m_script(makeUnique<WorkerOrWorkletScriptController>(type, WTFMove(vm), this))
, m_moduleLoader(makeUnique<ScriptModuleLoader>(*this, ScriptModuleLoader::OwnerType::WorkerOrWorklet))
, m_thread(thread)
, m_inspectorController(makeUnique<WorkerInspectorController>(*this))
, m_sessionID(sessionID)
, m_referrerPolicy(referrerPolicy)
{
}

4 Source/WebCore/workers/WorkerOrWorkletGlobalScope.h
View file
@@ -79,9 +79,10 @@ class WorkerOrWorkletGlobalScope : public ScriptExecutionContext, public RefCoun
virtual void resume() { }

virtual FetchOptions::Destination destination() const = 0;
ReferrerPolicy referrerPolicy() const final { return m_referrerPolicy; }

protected:
WorkerOrWorkletGlobalScope(WorkerThreadType, PAL::SessionID, Ref<JSC::VM>&&, WorkerOrWorkletThread*, ScriptExecutionContextIdentifier = { });
WorkerOrWorkletGlobalScope(WorkerThreadType, PAL::SessionID, Ref<JSC::VM>&&, ReferrerPolicy, WorkerOrWorkletThread*, ScriptExecutionContextIdentifier = { });

// ScriptExecutionContext.
bool isJSExecutionForbidden() const final;
@@ -111,6 +112,7 @@ class WorkerOrWorkletGlobalScope : public ScriptExecutionContext, public RefCoun
std::unique_ptr<EventLoopTaskGroup> m_defaultTaskGroup;
std::unique_ptr<WorkerInspectorController> m_inspectorController;
PAL::SessionID m_sessionID;
ReferrerPolicy m_referrerPolicy;
bool m_isClosing { false };
};

9 Source/WebCore/worklets/WorkletGlobalScope.cpp
View file
@@ -50,7 +50,7 @@ WTF_MAKE_ISO_ALLOCATED_IMPL(WorkletGlobalScope);
static std::atomic<unsigned> gNumberOfWorkletGlobalScopes { 0 };

WorkletGlobalScope::WorkletGlobalScope(WorkerOrWorkletThread& thread, Ref<JSC::VM>&& vm, const WorkletParameters& parameters)
: WorkerOrWorkletGlobalScope(WorkerThreadType::Worklet, parameters.sessionID, WTFMove(vm), &thread)
: WorkerOrWorkletGlobalScope(WorkerThreadType::Worklet, parameters.sessionID, WTFMove(vm), parameters.referrerPolicy, &thread)
, m_topOrigin(SecurityOrigin::createOpaque())
, m_url(parameters.windowURL)
, m_jsRuntimeFlags(parameters.jsRuntimeFlags)
@@ -64,7 +64,7 @@ WorkletGlobalScope::WorkletGlobalScope(WorkerOrWorkletThread& thread, Ref<JSC::V
}

WorkletGlobalScope::WorkletGlobalScope(Document& document, Ref<JSC::VM>&& vm, ScriptSourceCode&& code)
: WorkerOrWorkletGlobalScope(WorkerThreadType::Worklet, *document.sessionID(), WTFMove(vm), nullptr)
: WorkerOrWorkletGlobalScope(WorkerThreadType::Worklet, *document.sessionID(), WTFMove(vm), document.referrerPolicy(), nullptr)
, m_document(document)
, m_topOrigin(SecurityOrigin::createOpaque())
, m_url(code.url())
@@ -152,11 +152,6 @@ void WorkletGlobalScope::addMessage(MessageSource source, MessageLevel level, co
m_document->addMessage(source, level, messageText, sourceURL, lineNumber, columnNumber, WTFMove(callStack), nullptr, requestIdentifier);
}

ReferrerPolicy WorkletGlobalScope::referrerPolicy() const
{
return ReferrerPolicy::NoReferrer;
}

void WorkletGlobalScope::fetchAndInvokeScript(const URL& moduleURL, FetchRequestCredentials credentials, CompletionHandler<void(std::optional<Exception>&&)>&& completionHandler)
{
ASSERT(!isMainThread());
2 Source/WebCore/worklets/WorkletGlobalScope.h
View file
@@ -72,8 +72,6 @@ class WorkletGlobalScope : public WorkerOrWorkletGlobalScope {

void evaluate();

ReferrerPolicy referrerPolicy() const final;

void addConsoleMessage(std::unique_ptr<Inspector::ConsoleMessage>&&) final;

SecurityOrigin& topOrigin() const final { return m_topOrigin.get(); }
5 Source/WebCore/worklets/WorkletParameters.h
View file
@@ -38,10 +38,11 @@ struct WorkletParameters {
String identifier;
PAL::SessionID sessionID;
Settings::Values settingsValues;
ReferrerPolicy referrerPolicy;
bool isAudioContextRealTime;

WorkletParameters isolatedCopy() const & { return { windowURL.isolatedCopy(), jsRuntimeFlags, sampleRate, identifier.isolatedCopy(), sessionID, settingsValues.isolatedCopy(), isAudioContextRealTime }; }
WorkletParameters isolatedCopy() && { return { WTFMove(windowURL).isolatedCopy(), jsRuntimeFlags, sampleRate, WTFMove(identifier).isolatedCopy(), sessionID, WTFMove(settingsValues).isolatedCopy(), isAudioContextRealTime }; }
WorkletParameters isolatedCopy() const & { return { windowURL.isolatedCopy(), jsRuntimeFlags, sampleRate, identifier.isolatedCopy(), sessionID, settingsValues.isolatedCopy(), referrerPolicy, isAudioContextRealTime }; }
WorkletParameters isolatedCopy() && { return { WTFMove(windowURL).isolatedCopy(), jsRuntimeFlags, sampleRate, WTFMove(identifier).isolatedCopy(), sessionID, WTFMove(settingsValues).isolatedCopy(), referrerPolicy, isAudioContextRealTime }; }
};

} // namespace WebCore

0 comments on commit 499fe51

Please sign in to comment.